From b0115d0ab5d79562f1fe0d2a33860157e72ba97a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristj=C3=A1n=20Valur=20J=C3=B3nsson?= Date: Fri, 11 Nov 2022 14:34:53 +0000 Subject: [PATCH 1/2] Add failing unittest demonstrating the problem --- tests/test_dependency_scopes.py | 59 +++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 tests/test_dependency_scopes.py diff --git a/tests/test_dependency_scopes.py b/tests/test_dependency_scopes.py new file mode 100644 index 000000000..0d07cd305 --- /dev/null +++ b/tests/test_dependency_scopes.py @@ -0,0 +1,59 @@ +from unittest.mock import Mock, call, patch + +import pytest +from fastapi import FastAPI, Security +from fastapi.security import SecurityScopes +from fastapi.testclient import TestClient + + +async def security1(scopes: SecurityScopes): + return _security1(scopes.scopes) + + +def _security1(scopes): # pragma: no cover + pass + + +async def security2(scopes: SecurityScopes): + return _security2(scopes.scopes) + + +def _security2(scopes): # pragma: no cover + pass + + +async def dep3( + dep=Security(security1, scopes=["scope1"]), + dep2=Security(security2, scopes=["scope2"]), +): + return {} + + +@pytest.fixture +def mocks(): + with patch.dict(globals(), {"_security1": Mock()}): + with patch.dict(globals(), {"_security2": Mock()}): + yield + + +app = FastAPI() + + +@app.get("/recursive_scopes") +def recursive_scopes(dep=Security(dep3, scopes=["scope3"])): + return {} + + +client = TestClient(app) + + +@pytest.mark.xfail() +# issue https://github.com/tiangolo/fastapi/issues/5623 +def test_recursive_scopes(mocks): + """ + Test that scope recursion properly applies. Scopes added to a dependency should propagate + and be prepended correctly to all sub-dependencies. + """ + client.get("recursive_scopes") + _security1.assert_has_calls([call(["scope3", "scope1"])]) + _security2.assert_has_calls([call(["scope3", "scope2"])]) From f9cc73867e9aa58073423a07f2fde718cb9939df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristj=C3=A1n=20Valur=20J=C3=B3nsson?= Date: Fri, 11 Nov 2022 14:38:32 +0000 Subject: [PATCH 2/2] Add fix to scope propagation: Do not mutate incoming list. --- fastapi/dependencies/utils.py | 2 +- tests/test_dependency_scopes.py | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/fastapi/dependencies/utils.py b/fastapi/dependencies/utils.py index 3df5ccfc8..bebbbe954 100644 --- a/fastapi/dependencies/utils.py +++ b/fastapi/dependencies/utils.py @@ -147,7 +147,7 @@ def get_sub_dependant( security_scopes = security_scopes or [] if isinstance(depends, params.Security): dependency_scopes = depends.scopes - security_scopes.extend(dependency_scopes) + security_scopes = security_scopes + list(dependency_scopes) if isinstance(dependency, SecurityBase): use_scopes: List[str] = [] if isinstance(dependency, (OAuth2, OpenIdConnect)): diff --git a/tests/test_dependency_scopes.py b/tests/test_dependency_scopes.py index 0d07cd305..957a0896e 100644 --- a/tests/test_dependency_scopes.py +++ b/tests/test_dependency_scopes.py @@ -47,7 +47,6 @@ def recursive_scopes(dep=Security(dep3, scopes=["scope3"])): client = TestClient(app) -@pytest.mark.xfail() # issue https://github.com/tiangolo/fastapi/issues/5623 def test_recursive_scopes(mocks): """